cmmi e it governance
TRANSCRIPT
Presentation by,
Chandrima Das (07030241006)Raveesh Goswami (07030241024)
Sampreeth Agara (07030241029)Sourabh Soni (07030241032)
Surbhit Bansal (07030241033)Vijay Chakule (07030241035)
What is CMMI??
IT Governance & Benefits:
How CMMI bridges gap
Decision Rights, Communication and Accountability:
1. IT Governance at its essence is about decision-making and communications.
2. The need stems from need of organizations to make good decisions and communicate them effectively.
3. Poor outcomes force org. to review the decisions made and place structures supporting better decisions.
4. The decisions can be: -
1. Whether to invest in a new initiative.
2. Approve an annual report
3. Provide access to sensitive data
4. Include software code in a release.5. Project funding, project content management, architecture content.
6. Quality management that are made in the course of executing the processes.
How CMMI helps:
Possible to establish enforceable governance decisions within the processes of an organization.
Helps in demonstrating to the business what is working and what is not,
How those processes may be changed to create greater benefit to the business.
Briefly, we say the governance process is applied to the governed processes.
Example : - Operation metrics specifications daily basis for exerting control on the business processes.
An example: - daily average response time. For the developing organizations, code churn -- the frequency of changes in program source code -- would be an operational measure but without proper methods that would lead to improper decision making about company’s growth.
Benefits to the Organization:1. Process Improvement- monitored against historical data, creation of a
viable, improvable process infrastructure, focus on defining and following its processes.
2. Quality products/Services- Quality products are a result of quality processes.
3. Value for Stakeholders- Quality products, predictable schedules, and effective measures to support management in making accurate and defensible forecasts.
4. Employer of Choice- Emphasizes training, both in disciplines and in process, Engg. Comfortable.
5. Enhanced Customer Satisfaction- Meeting cost and schedule targets with high-quality products.
6. Increase in market share- Improves estimation reducing variability to enable better & accurate bids. Meeting of quality goals.
7. Cost Savings- Historical data collected to support project estimation
Examples of CMMI impact-ROI1. Accenture- 5:1 ROI for quality activities.
2. Raytheon: Avoided $3.72M in costs due to better cost performance.
3. Siemens: 2:1 ROI over 3 years with benefits amortized over less than 6 months.
4. Northrop Grumann:
13:1 for defects avoided per hour spent in training and defect prevention. $3.9 B Estimated 2003 Sales after CMMI 5 certification.
Northrop Grumman Mission Systems focused on the long-term culture change: -
1. More data-driven decision making2. Identifying and meeting the customers’ needs3. Disciplined project management4. Improved engineering first-time quality to reduce re-work5. Efficient organizational infrastructure6. Use of industry best-practices7. Capturing of internal best-practices
Costs and Benefits of CMMI:
CMMI and COBIT:
CMMI is the perfect complement to COBIT. COBIT pinpoints the need for certain
controls and CMMI puts them into place. CMMI is very detailed and geared mostly to
software development.
Focuses on continuous improvement.Can be used for self-assessment.
COBIT and CMMI: contd..COBIT Processes addressed by CMMI are
1. Plan and Organize (3 out of 10 C Objectives)
2. Acquire and Implement (3 out of 7 C Objectives)
3. Deliver and Support (4 out of 13 C Objectives)
4. Monitor and Evaluate (1 out of 4 C Objectives)
COBIT Relationship with CMMI
Plan and Organize Provides better support for objectives with greater project focus such as requirements, risks, quality and project Management
Acquire and Implement Provides excellent coverage for achieving and implementation objectives
Delivery and Support Project Management processes can be translated to support management of service levels, third parties, capacity, problems and data
Continuous operation and user support services are not well covered
Monitor Provides for monitoring functions at the project level.
Does not involve audit controls at the organization level
10 Threats to Sarbanes-Oxley Compliance (* According to Deloitte) :
1.Lack of an enterprise-wide, executive-driven internal control management program
2. Lack of a formal enterprise risk management program
3. Inadequate controls associated with the recording of non-routine, complex, and unusual transactions
4. Ineffectively controlled post-merger integration
5. Lack of effective controls over the IT environment
6.Ineffective financial reporting and disclosure preparation process
7. Lack of formal controls over the financial closing processes
8. Lack of current, consistent, complete and documented accounting policies and procedures
9. Inability to evaluate and test controls over outsourced processes
10. Inadequate board and audit committee understanding of risk and Control
How CMMi helps in the aligning of business goals and IT goals:
Where RM, PP, PMC, SAM, M&A, PPQA, OT, DAR, OID, CM, RD, TS, PI, Ver, Val, IPM, OPP, OID, CAR are the process areas of CMMi.
CMMI and ITIL: Implementing CMMI and ITIL improves the Software Development Process
and Software Quality and reduces the Cost Of Quality (COQ).
Time to market reduced and precision in estimation of effort and cost enhanced.
CMMi is the de facto quality standard for SDLC.
ITIL for many is the tool of choice for the operations and infrastructure side of IT
CMMI doesn't address IT operations issues (security, change and configuration management, capacity planning, troubleshooting and service desk functions). This is why ITIL is used.
Digite’s case:With their CMMI implementation, they also answered the questions regarding the scope of mapping between ITIL & CMMI practices.
Thus ,CMMI to ITIL is a obvious graduation.
CMMI processes areas ITIL processes that CMMI maps
Project Planning
Project Monitoring and Control
Integrated Project Management
Measurement & Analysis
Configuration Management
Requirement Management/Development
Risk Management
Validation
Product Integration etc
Problem Management
Helpdesk
Incident Management
Change Management
Configuration Management
Service Level Management
Planning and Control
Contingency Planning
Security Management
CMMI and ITIL : A case
Synergy b/w ITIL CMMi & 6 sigma:
CMMI Vs ISO 27000CMMI ISO 27000
Organizations cannot be CMMI certified.An organization is appraised and is awarded a 1-5 level rating. (CMMI) is a process improvement approach.Covers practices for planning, engineering, and managing software development and maintenance CMMI best practices are published in documents called models. Each model address a different area of interest.These key practices improve the ability of organizations to meet goals for cost, schedule, functionality, and product quality. Adapted to each individual organization according to its business objectives.
Organizations can be ISO 27000 certified.It is for a family of information security management standards.In series of 27001 – 27000+.Provides uniformity and consistency throughout the ISMS family.Provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an ISMS.
Gap still prevails even after applying standards like CMMI
1. Process: 1. Process inconsistency is the key driver of waste in development.2. CMMI do not address other sources of waste such as availability of
right resources at right time and complexity of architecture.
2. Metrics: 1. Focuses on measuring key performance indicators in development
same as business measure productivity. 2. Helpful in environments with mature and well documented
frameworks. 3. Do not measure the waste that may occur in early stages of
development.
3. Technology: 1. Technology used in development primarily focuses on automation
such as code generation, documentation and version control. 2. Does not address the fundamental behavioral and cultural aspects
that are necessary to improve the productivity.
THANK YOU